Versions Compared

Version Old Version 6 New Version 7
Changes made by

Kamil Możdżyński

Kamil Możdżyński

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The SB file is the NXP binary file format for bootable images. The file consists of sections, a sequence of bootloader commands, and data that assists MCU Bootloader in programming the image to target memory. The image data can also be encrypted in the SB file. The file can be downloaded to the target using the MCU Bootloader receive-sb-file command.

Related Documents:

MBOOTELFTOSBUG elftosb User's Guide

MCUBLHOSTUG blhost User's Guide

...

i.MX RT bootable image

There are two types of supported boot images:

  • XIP (Execute-In-Place) boot image: This type of boot image is only applicable to Serial NOR devices connected to QuadSPI or FlexSPI interfaces and Parallel NOR devices connected to WEIM or SEMC interface. The boot device memory is identical to the destination memory. ROM can boot this boot image directly.

  • Non-XIP boot image: This type of boot image is usually for the NAND, SD, and eMMC devices that does not support the XIP feature. The boot device memory is different from the destination memory. ROM loads the boot image from the Boot device memory to Destination memory and then boots from the Destination memory

Boot image format

Some data structures must be included in the bootable image. The bootable image consists of i.MX RT bootable image:

...

To make the manufacturing process easier, all the commands supported by Flashloader and bootable images can be wrapped into a single SB file. Even if there are any changes in the application, Gangflasher-NXP still uses this SB file to manufacture. The SB file can be updated separately without updating Gangflasher-NXP settings.

Related Documents:

MBOOTELFTOSBUG elftosb User's Guide

MCUBLHOSTUG blhost User's Guide

...

i.MX RT bootable image

There are two types of supported boot images:

  • XIP (Execute-In-Place) boot image: This type of boot image is only applicable to Serial NOR devices connected to QuadSPI or FlexSPI interfaces and Parallel NOR devices connected to WEIM or SEMC interface. The boot device memory is identical to the destination memory. ROM can boot this boot image directly.

  • Non-XIP boot image: This type of boot image is usually for the NAND, SD, and eMMC devices that does not support the XIP feature. The boot device memory is different from the destination memory. ROM loads the boot image from the Boot device memory to Destination memory and then boots from the Destination memory

Boot image format

Some data structures must be included in the bootable image. The bootable image consists of i.MX RT bootable image:

  • Image Vector Table (IVT): a list of pointers located at a fixed address that ROM examines to determine where the other components of the bootable image are located.

  • Boot Data: a table that indicates the bootable image location, image size in bytes, and the plugin flag

  • Device configuration data (DCD) (optional): IC configuration data, usually is used to configure DDR/SDRAM memory. This is optional

  • User application and data

  • CSF (optional): signature block for Secure Boot, generated by CST

  • KeyBlob (optional) – a data structure consists of wrapped DEK for encrypt boot

...

Expand
titleGenerate signed normal i.MX RT bootable image

To generate a signed bootable image using elftosb utility, perform the following steps:

Step 1: Create a BD file. The BD file can be as follows

Code Block
options {
    flags = 0x08;
    startAddress = 0x60000000;
    ivtOffset = 0x1000;
    initialLoadSize = 0x2000;
}
sources {
    elfFile = extern(0);
}
constants {
    SEC_CSF_HEADER              = 20;
    SEC_CSF_INSTALL_SRK         = 21;
    SEC_CSF_INSTALL_CSFK        = 22;
    SEC_CSF_INSTALL_NOCAK       = 23;
    SEC_CSF_AUTHENTICATE_CSF    = 24;
    SEC_CSF_INSTALL_KEY         = 25;
    SEC_CSF_AUTHENTICATE_DATA   = 26;
    SEC_CSF_INSTALL_SECRET_KEY  = 27;
    SEC_CSF_DECRYPT_DATA        = 28;
    SEC_NOP                     = 29;
    SEC_SET_MID                 = 30;
    SEC_SET_ENGINE              = 31;
    SEC_INIT                    = 32;
    SEC_UNLOCK                  = 33;
}
section (SEC_CSF_HEADER; 
    Header_Version="4.2", 
    Header_HashAlgorithm="sha256", 
    Header_Engine="DCP", 
    Header_EngineConfiguration=0, 
    Header_CertificateFormat="x509",
    Header_SignatureFormat="CMS"
    )
{
}
section (SEC_CSF_INSTALL_SRK; 
    InstallSRK_Table="keys/SRK_1_2_3_4_table.bin", // "valid file path"
    InstallSRK_SourceIndex=0 
    )
{
}
section (SEC_CSF_INSTALL_CSFK; 
    InstallCSFK_File="crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem", // "valid file path"
    InstallCSFK_CertificateFormat="x509" // "x509"
     )
{
}
section (SEC_CSF_AUTHENTICATE_CSF)
{
}
section (SEC_CSF_INSTALL_KEY; 
    InstallKey_File="crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem", 
    InstallKey_VerificationIndex=0, // Accepts integer or string 
    InstallKey_TargetIndex=2) // Accepts integer or string 
{
}
section (SEC_CSF_AUTHENTICATE_DATA;
    AuthenticateData_VerificationIndex=2, 
    AuthenticateData_Engine="DCP",
    AuthenticateData_EngineConfiguration=0) 
{
}
section (SEC_SET_ENGINE;
    SetEngine_HashAlgorithm = "sha256", // "sha1", "Sha256", "sha512" 
    SetEngine_Engine = "DCP", // "ANY", "SAHARA", "RTIC", "DCP", "CAAM" and "SW" 
    SetEngine_EngineConfiguration = "0") // "valid engine configuration values"
{
}
section (SEC_UNLOCK;
    Unlock_Engine = "SNVS",
    Unlock_features = "ZMK WRITE" 
    )
{
}

After the blank BD file is created, place it into the same folder that holds elftosb utility executable.

Step 2: Copy Flashloader.srec provided in the release package into the same folder that holds elftosb utility executable.

Step 3: Copy the “cst” executable, “crts” folder, and “keys” folder from “<cst_installation_dir>” to the same folder that holds elftosb utility executable.

Step 4: Generate a bootable image using elftosb utility.

Code Block
elftosb.exe", "DCP", "CAAM" and "SW" 
    SetEngine_EngineConfiguration = "0") // "valid engine configuration values"
{
}
section (SEC_UNLOCK;
    Unlock_Engine = "SNVS",
    Unlock_features = "ZMK WRITE" 
    )
{
}

After the blank BD file is created, place it into the same folder that holds elftosb utility executable.

Step 2: Copy Flashloader.srec provided in the release package into the same folder that holds elftosb utility executable.

Step 3: Copy the “cst” executable, “crts” folder, and “keys” folder from “<cst_installation_dir>” to the same folder that holds elftosb utility executable.

Step 4: Generate a bootable image using elftosb utility.

Code Block
elftosb.exe -f imx -V -c imx-signed.bd -o ivt_flashloader_signed.bin flashloader.srec

Then, there are two bootable images generated by elftosb utility. The first one is ivt_flashloader_signed.bin. The memory regions from 0 to ivt_offset is filled with padding bytes (all 0x00s). The second one is ivt_flashloader_signed_nopadding.bin, which starts from ivt_offset directly. The CSF section is generated and appended to the unsigned bootable image successfully.

Generate SB file for bootable image programming

Expand
titleGenerate SB file for plaintext FlexSPI NOR image programming

Usually, a BD file for FlexSPI NOR boot consists of 7 parts.

  1. The bootable image file path is provided in the sources block

    Code Block
    sources {
  myBinFile = extern(0)
}

  2. The FlexSPI NOR Configuration Option block is provided in section block
    The example presents setup for Hyperflash 1v8 Query pads: 8, Frequency: 133MHz

    Code Block
    section(0) {
  ...
  load 0xC0233007 > 0x2000;
  ...
}

  3. To enable FlexSPI NOR access, the “enable” command must be provided following the above option block.

    Code Block
    section(0) {
  ...
  enable flexspinor 0x2000;
  ...
}

  4. In case the Flash device is not erased, an “erase” command is required before programming data to the Flash device. The erase operation is time-consuming and is not required for a blank Flash device (factory setting) during Manufacturing.

    Code Block
    section(0) {
  ...
  erase 0x60000000..0x6001000;
  ...
}

  5. The FlexSPI NOR Configuration Block (FNORCB) is required for FlexSPI NOR boot. To program the FNORCB generated by FlexSPI NOR Configuration Option block, a special magic number ‘0xF000000F” must load into RAM first.
    ROM configures FlexSPI interface with the parameters provided in configuration block read from Serial NOR flash and starts the boot procedure. Refer to Table 9-18 in Reference Manual for details regarding FlexSPI configuration parameters and to the FlexSPI NOR boot flow chart for a detailed boot flow chart of FlexSPI NOR.

    Code Block
    section(0) {
  ...
  load 0xf000000f > 0x3000;
  ...
}

  6. To notify the Flashloader to program the FNORCB, an “enable” command must be used following the magic number loading.

    Code Block
    section(0) {
  ...
  enable flexspinor 0x3000;
  ...
}

  7. After above operation, Flashloader can program the bootable image binary into Serial NOR Flash through FlexSPI module using load command

    Code Block
    section(0) {
  ...
  load myBinFile > 0x60001000;
  ...
}

Command for secure binary generation:

Code Block
elftosb -f imx -V -c imx-

...

flexspinor-unsigned.bd -o ivt_flexspinor_xip.bin led_demo_evk_flexspi_nor_0x60002000.srec

Expand
titleGenerate SB file for FlexSPI NOR Image encryption and programming

Usually, a BD file for FlexSPI NOR image encryption and programming consists of 7 parts.

  1. The bootable image file path is provided in the sources block

  2. Enable FlexSPI NOR access using FlexSPI NOR Configuration Option block

  3. Erase the Flash device if it is not blank. The erase operation is time-consuming and is not required for a blank Flash device (factory setting) during Manufacturing.

  4. Enable image encryption using PRDB option block.

  5. Program FNORCB using a magic number.

  6. Program boot image binary into Serial NOR via FlexSPI module

  7. Enable Encrypted XIP fuse bits.